
What Does This Add-on Do?

Trading your Facebook Wall and News Feed for a scam survey

Most Facebook scams will lure users into clicking a link to a shocking/amazing video, while actually taking them to a survey scam. To this end, they will either use an app to post automatic messages in the victims’ name or ask the unsuspecting victims to share or like content and indirectly endorse the scam message. Once users realize they’ve been duped, they’ll have to remove the scam posts/app from their account and warn others about it.

Sometimes, some doubts will linger. “What if the scam cannot be removed? What if my Facebook account is out of control now?” Knowledge is power, so let’s analyze a survey scam and get better equipped against this kind of threat.

It all begins with…the scam bait:

If you like to stay up to date with social media security news, you might recognize this “fellow” here. It’s an old timer, first reported in November 2011, as you can see in this Facecrooks article. It’s been updated to fit the latest scam trend so it now prompts you to install a browser plugin. Unless you’re a Firefox or Chrome user, you won’t get the full scam story and you’ll be taken to the endless survey list.

Lucky Firefox or Chrome users, here’s your invitation to install the Prenium (!) plugin.

Follow the instructions, hit F5 and ta-da! The video advertised in the initial Facebook post is played. At this point, you might feel relieved, believing that there was no scam at all.

Go back to your Facebook account, ‘cause you’re in for a nasty surprise.

Quick question: “Do you know how to uninstall a browser extension without asking Google?” While you think about this, let’s continue with the scam analysis.

Back to Facebook, the first impulse is to check the News Feed for any new post. No sign of your Feed, just a loading icon. That is very unusual.

Once the loading is complete, the browser redirects you to a webpage bearing a disturbing message: “Your account was recently accessed from a location we’re not familiar with.” The text goes on trying to scare you into believing there’s something wrong with your Facebook account. Unfortunately, the option to ‘Continue’ with the account verification process is not available because it is blocked by the one thing you hoped to escape: the scam survey…

In most cases, closing the page will get you out of this tight spot. But in this case it does not solve anything, because the warning page comes back up no matter what you click: Facebook Profile, Messages, Privacy Settings. All roads lead to… the survey.

So, have you found out how to uninstall a browser extension? This is the only thing that will end the hijack and allow you to access your account. If you do not know the steps, you can read them here for Firefox and here for Chrome. Of course, accessing Facebook from a clean browser is another option, but just a temporary one. Unauthorized browser add-ons can be updated by their developer and create even more issues.
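
The Python script below is an added example, not part of the original article: it lists which installed extensions declare access to facebook.com, which is what an add-on needs in order to take over pages the way described above. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json`; the sample manifests and ids are constructed, since the article does not publish the real add-on's manifest.

```python
import json
from pathlib import Path

def pattern_covers(pattern: str, host: str) -> bool:
    """True if a browser-extension match pattern can apply to pages on host."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # API permission such as "tabs", not a host pattern
    scheme, rest = pattern.split("://", 1)
    if scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):  # wildcard covers the domain and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host in ("*", host)

def host_patterns(manifest: dict) -> list:
    pats = list(manifest.get("permissions", []))   # Manifest V2 mixes hosts and API names
    pats += manifest.get("host_permissions", [])   # Manifest V3
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return [p for p in pats if isinstance(p, str)]

def flag_extensions(manifests: dict, host: str) -> dict:
    """Map extension id -> declared patterns that let it act on host."""
    hits = {}
    for ext_id, manifest in manifests.items():
        matched = [p for p in host_patterns(manifest) if pattern_covers(p, host)]
        if matched:
            hits[ext_id] = matched
    return hits

def load_manifests(extensions_dir: Path) -> dict:
    """Read <extensions_dir>/<id>/<version>/manifest.json (Chrome profile layout)."""
    return {p.parts[-3]: json.loads(p.read_text(encoding="utf-8-sig"))
            for p in extensions_dir.glob("*/*/manifest.json")}

# Constructed sample manifests (ids and contents are made up for this example).
SAMPLE = {
    "ext-video": {"permissions": ["tabs", "*://*.facebook.com/*"]},
    "ext-notes": {"permissions": ["storage"]},
    "ext-any": {"content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    "ext-shop": {"host_permissions": ["https://shop.example/*"]},
}

if __name__ == "__main__":
    print(flag_extensions(SAMPLE, "www.facebook.com"))
```

To audit a real profile, pass the result of `load_manifests()` on the profile's `Extensions` folder to `flag_extensions()`; any flagged extension you do not recognize is a candidate for removal.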

The browser add-on method is a recent development in the world of social scams and it seems to be quite efficient. While illegitimate add-ons used to only post dozens of automatic scam messages on behalf of the tricked user, now they try to gain control over the account and lock the user out. Mark my words: that’s not the last you’ll hear from scammy add-ons!



About the author


With experience in detecting and analyzing online threats, Tudor Florescu is going one step further and writes about them, trying to explain computer threats to the average user. His background in Foreign Languages and Communication combined with a passion for the Web, doesn